The proliferation of IoT devices and IoT exploit kits may make 2017 a turning point in DDoS attacks requiring new defence tactics, warns Deloitte

Organisations have generally been able to keep pace with the increasing size, frequency and impact of distributed denial of service (DDoS) attacks, but that may change in 2017, Deloitte has warned.

DDoS is not a new topic, but the potential scale of the problem in 2017 is, according to the latest Technology, media and telecommunications predictions report from Deloitte.

The size of DDoS attacks increased by an average of 30% a year from 2013 to 2015, but 2016 saw the first two attacks of one terabit per second (Tbps) or more, and Deloitte predicts that trend will continue in 2017.

According to the report, 2017 will see an average of one attack a month reaching at least 1Tbps in size, with the number of DDoS attacks for the year expected to reach 10 million.

Deloitte predicts an average attack size of 1.25Gbps to 1.5Gbps, and the report points out that an unmitigated attack in this size range would be sufficient to take many organisations offline.

The anticipated escalation is due to three concurrent trends, the report said.

First, the growing installed base of insecure internet of things (IoT) devices that are usually easier to incorporate into botnets than PCs, smartphones and tablets.

Second, the online availability of malware methodologies such as Mirai, which allow relatively unskilled attackers to corral insecure IoT devices and use them to launch attacks.

Third, the availability of ever-higher bandwidth speeds, which means that each compromised device can send a lot more junk data.

The report warns that the consequence of the growth of IoT devices alone could mean that content distribution networks (CDNs) and local mitigations may not be able to scale readily to mitigate the impact of concurrent large-scale attacks, requiring a new approach to tackling DDoS attacks.

Phill Everson, head of cyber risk services, Deloitte UK, said a DDoS attack aims to make a website or connected device inaccessible.

“DDoS attacks are the equivalent of hundreds of thousands of fake customers converging on a traditional shop at the same time. The shop struggles to identify genuine customers and quickly becomes overwhelmed. The consequence could see an online commerce site temporarily unable to transact, or a government site not able to process tax returns,” he said.

Everson said the expected volume and scale of DDoS attacks in 2017 would challenge the defences of most organisations, regardless of size.

“Businesses of all sizes should acknowledge the growing DDoS threat and consider how best to handle attacks of these magnitudes,” he said.

Any organisation that is increasing its dependence on the internet should be aware of a potential spike in the impact of such attacks, according to the report.

The entities that should remain alert include, but are not limited to, retailers with a high share of online revenues, online video game companies, video streaming services, online business and service delivery companies such as financial services firms, and government online services, the report said.

“Some organisations may have become a little blasé about DDoS attacks, however these attacks are likely to increase in intensity in 2017 and beyond, and the attackers are likely to become more inventive. Unfortunately, it may never be possible to relax about DDoS attacks,” authors of the report said.

Deloitte recommends that companies and governments should consider a range of options to mitigate the impact of DDoS attacks, such as decentralising critical functions like cloud computing, leasing a larger bandwidth capacity than they need, proactively identifying weaknesses and vulnerabilities related to DDoS attacks, developing agile defence techniques, and introducing granular traffic filtering capabilities.